VYPR

CWE-862

Missing Authorization

Class | Incomplete | Likelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,549)

page 70 of 278
  • CVE-2025-23534 | Med | Feb 14, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in Mark Winiarski WPLingo wplingo allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPLingo: from n/a through <= 1.1.2.

  • CVE-2025-22730 | Med | Feb 4, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in ksher thailand Ksher ksher-payment allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ksher: from n/a through <= 1.1.2.

  • CVE-2024-13529 | Med | Feb 4, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    The SocialV - Social Network and Community BuddyPress Theme theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'socialv_send_download_file' function in all versions up to, and including, 2.0.15. This makes it possible for…

  • CVE-2025-24697 | Med | Feb 3, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in Realwebcare Image Gallery – Responsive Photo Gallery awesome-responsive-photo-gallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Image Gallery – Responsive Photo Gallery: from n/a through…

  • CVE-2025-24643 | Med | Feb 3, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in AmentoTech Private Limited WPGuppy wpguppy-lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPGuppy: from n/a through <= 1.1.0.

  • CVE-2025-24642 | Med | Feb 3, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in theme funda Setup Default Featured Image setup-default-feature-image allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Setup Default Featured Image: from n/a through <= 1.2.

  • CVE-2025-23527 | Med | Feb 3, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in hemnathmouli WC Wallet wc-wallet allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WC Wallet: from n/a through <= 2.2.0.

  • CVE-2025-22265 | Med | Jan 31, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in mgplugin EMI Calculator emi-calculator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EMI Calculator: from n/a through <= 1.1.

  • CVE-2025-24143 | Med | Jan 27, 2025
    risk 0.42 | cvss 6.5 | epss 0.01

    The issue was addressed with improved access restrictions to the file system. This issue is fixed in Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, visionOS 2.3. A maliciously crafted webpage may be able to fingerprint the user.

  • CVE-2025-24606 | Med | Jan 27, 2025
    risk 0.42 | cvss 6.4 | epss 0.00

    Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Client Invoicing by Sprout Invoices: from n/a through <= 20.8.1.

  • CVE-2025-23656 | Med | Jan 27, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in Saul Morales Pacheco Donate visa donate-visa allows Stored XSS. This issue affects Donate visa: from n/a through <= 1.0.0.

  • CVE-2025-23529 | Med | Jan 27, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in blokhauswp Minterpress minterpress allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Minterpress: from n/a through <= 1.0.5.

  • CVE-2024-13370 | Med | Jan 25, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the save_addon_key_license() function in all versions up to, and including, 1.3.3.…

  • CVE-2025-24594 | Med | Jan 24, 2025
    risk 0.42 | cvss 6.5 | epss 0.01

    Missing Authorization vulnerability in aribhour Linet ERP-Woocommerce Integration linet-erp-woocommerce-integration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Linet ERP-Woocommerce Integration: from n/a through <= 3.5.7.

  • CVE-2025-24588 | Med | Jan 24, 2025
    risk 0.42 | cvss 6.5 | epss 0.01

    Missing Authorization vulnerability in patreon Patreon WordPress patreon-connect allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Patreon WordPress: from n/a through <= 1.9.1.

  • CVE-2025-24580 | Med | Jan 24, 2025
    risk 0.42 | cvss 6.5 | epss 0.01

    Missing Authorization vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects 12 Step Meeting List: from n/a through <= 3.16.5.

  • CVE-2025-23486 | Med | Jan 22, 2025
    risk 0.42 | cvss 6.5 | epss 0.01

    Missing Authorization vulnerability in tamlyn Database Sync database-sync allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Database Sync: from n/a through <= 0.5.1.

  • CVE-2024-50967 | Med | Jan 17, 2025
    risk 0.42 | cvss 6.5 | epss 0.02

    The /rest/rights/ REST API endpoint in Becon DATAGerry through 2.2.0 contains an Incorrect Access Control vulnerability. An attacker can remotely access this endpoint without authentication, leading to unauthorized disclosure of sensitive information.

  • CVE-2024-13367 | Med | Jan 17, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    The Sandbox plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the export_download action in all versions up to, and including, 0.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to…

  • CVE-2024-56295 | Med | Jan 15, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in Ays Pro Poll Maker poll-maker allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Poll Maker: from n/a through <= 5.5.6.